Bip San Francisco


Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

Apr 17, 2026  Twila Rosenbaum

Fortinet has issued patches for two critical vulnerabilities identified in its FortiSandbox security solution, designated as CVE-2026-39813 and CVE-2026-39808. These vulnerabilities could allow unauthenticated attackers to bypass authentication mechanisms and execute unauthorized commands on affected systems.

Both vulnerabilities can be exploited through specially crafted HTTP requests, putting unpatched FortiSandbox instances at considerable risk. Organizations using FortiSandbox are urged to apply the latest updates to safeguard their systems from potential exploitation.

Overview of FortiSandbox

FortiSandbox is a security product developed by Fortinet, designed to detect and analyze advanced threats by executing suspicious files and URLs in a controlled environment. By returning verdicts on these threats, FortiSandbox plays a crucial role in enabling other Fortinet products, such as firewalls, email security appliances, and SIEMs, to enforce security policies and trigger alerts. This integration is facilitated through the Fortinet Security Fabric.

Details of the Vulnerabilities

CVE-2026-39813 is a path traversal flaw in FortiSandbox’s JRPC API that allows attackers to bypass authentication. It affects systems running FortiSandbox versions 5.0.0 to 5.0.5 and 4.4.0 to 4.4.8.

CVE-2026-39808 concerns an unspecified API in FortiSandbox versions 4.4.0 to 4.4.8. It is an OS command injection flaw: improper handling of special elements in operating system commands permits unauthenticated execution of code or commands.

Both vulnerabilities were reported to Fortinet by security researchers: CVE-2026-39813 was identified by a member of Fortinet's own Product Security Incident Response Team (PSIRT), while CVE-2026-39808 was flagged by a researcher from KPMG Spain.

Currently, there is no evidence indicating that these vulnerabilities have been actively exploited by malicious actors. However, an unprotected FortiSandbox installation could potentially be used to misrepresent malicious files as safe, thereby compromising dependent Fortinet solutions or serving as a foothold for lateral movement within enterprise networks.

Additional Security Updates

In the recent wave of security updates, Fortinet also addressed three additional medium-severity vulnerabilities affecting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. Among these, two vulnerabilities (CVE-2025-61886 and CVE-2026-39812) allow for cross-site scripting (XSS) attacks. The third vulnerability (CVE-2026-25691) could enable a privileged attacker with super-admin access to delete arbitrary directories through crafted HTTP requests.

Fortinet emphasizes the importance of keeping security solutions up to date to mitigate potential risks. Organizations are encouraged to implement the latest patches to protect their infrastructures against these vulnerabilities and reinforce their overall cybersecurity posture.



Source: Help Net Security News

